Avoid running org related code if there are no orgs in a realm
Closes #33424 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
parent
ebfb42f9c5
commit
ef48a3a360
3 changed files with 47 additions and 23 deletions
|
@ -338,15 +338,13 @@ public class UserCacheSession implements UserCache, OnCreateComponent, OnUpdateC
|
||||||
protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) {
|
protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) {
|
||||||
int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate);
|
int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate);
|
||||||
|
|
||||||
if (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
|
if (isReadOnlyOrganizationMember(delegate)) {
|
||||||
if (isOrganizationDisabled(session, delegate)) {
|
return new ReadOnlyUserModelDelegate(delegate) {
|
||||||
return new ReadOnlyUserModelDelegate(delegate) {
|
@Override
|
||||||
@Override
|
public boolean isEnabled() {
|
||||||
public boolean isEnabled() {
|
return false;
|
||||||
return false;
|
}
|
||||||
}
|
};
|
||||||
};
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CachedUser cached;
|
CachedUser cached;
|
||||||
|
@ -978,10 +976,22 @@ public class UserCacheSession implements UserCache, OnCreateComponent, OnUpdateC
|
||||||
return List.of();
|
return List.of();
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isOrganizationDisabled(KeycloakSession session, UserModel delegate) {
|
private boolean isReadOnlyOrganizationMember(UserModel delegate) {
|
||||||
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
if (delegate == null) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class);
|
OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class);
|
||||||
|
|
||||||
|
if (organizationProvider.count() == 0) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
||||||
return organizationProvider.getByMember(delegate)
|
return organizationProvider.getByMember(delegate)
|
||||||
.anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) ||
|
.anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) ||
|
||||||
(!organizationProvider.isEnabled() && org.isManaged(delegate)));
|
(!organizationProvider.isEnabled() && org.isManaged(delegate)));
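Review bot: The new `organizationProvider.count() == 0` early return in `isReadOnlyOrganizationMember` is a fail-open path for the check that makes `cacheUser` return a delegate whose `isEnabled()` is false, and nothing visible here says what `count()` actually counts. The predicate below it still handles the case where `organizationProvider.isEnabled()` is false, so if `count()` can report 0 while the provider is disabled for the realm, managed members would no longer be wrapped; that is an inference from the hunk, not something it shows. I would state the contract in a comment above the guard, for example `// count() covers every organization in the realm, enabled or not; zero means no user can be a managed member`, and confirm it against the provider implementations. The same guard is copied into `isReadOnlyOrganizationMember` in `UserStorageManager`, and the helper's closing brace falls outside this hunk.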
|
||||||
|
|
|
@ -114,16 +114,13 @@ public class UserStorageManager extends AbstractStorageManager<UserStorageProvid
|
||||||
*/
|
*/
|
||||||
protected UserModel importValidation(RealmModel realm, UserModel user) {
|
protected UserModel importValidation(RealmModel realm, UserModel user) {
|
||||||
|
|
||||||
if (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION) && user != null) {
|
if (isReadOnlyOrganizationMember(user)) {
|
||||||
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
return new ReadOnlyUserModelDelegate(user) {
|
||||||
if (isOrganizationDisabled(session, user)) {
|
@Override
|
||||||
return new ReadOnlyUserModelDelegate(user) {
|
public boolean isEnabled() {
|
||||||
@Override
|
return false;
|
||||||
public boolean isEnabled() {
|
}
|
||||||
return false;
|
};
|
||||||
}
|
|
||||||
};
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (user == null || user.getFederationLink() == null) return user;
|
if (user == null || user.getFederationLink() == null) return user;
|
||||||
|
@ -932,10 +929,22 @@ public class UserStorageManager extends AbstractStorageManager<UserStorageProvid
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isOrganizationDisabled(KeycloakSession session, UserModel delegate) {
|
private boolean isReadOnlyOrganizationMember(UserModel delegate) {
|
||||||
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
if (delegate == null) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class);
|
OrganizationProvider organizationProvider = session.getProvider(OrganizationProvider.class);
|
||||||
|
|
||||||
|
if (organizationProvider.count() == 0) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// check if provider is enabled and user is managed member of a disabled organization OR provider is disabled and user is managed member
|
||||||
return organizationProvider.getByMember(delegate)
|
return organizationProvider.getByMember(delegate)
|
||||||
.anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) ||
|
.anyMatch((org) -> (organizationProvider.isEnabled() && org.isManaged(delegate) && !org.isEnabled()) ||
|
||||||
(!organizationProvider.isEnabled() && org.isManaged(delegate)));
|
(!organizationProvider.isEnabled() && org.isManaged(delegate)));
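Review bot: `isReadOnlyOrganizationMember` and the anonymous `ReadOnlyUserModelDelegate` that overrides `isEnabled()` are now duplicated line for line between this class and `UserCacheSession`, so a later fix to the rule that decides whether an account is treated as disabled can land in one copy and miss the other. Moving the predicate into one shared static helper that both classes call would keep the cached and uncached paths consistent; where it can live depends on module dependencies that are not visible here. Within the predicate, `org.isManaged(delegate)` appears in both branches and `organizationProvider.isEnabled()` is re-evaluated for every organization; reading it once into a local `providerEnabled` and writing `.anyMatch(org -> org.isManaged(delegate) && (!providerEnabled || !org.isEnabled()))` states the same rule more directly. The helper's closing brace is outside the hunk.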
|
||||||
|
|
|
@ -191,6 +191,11 @@ public class Organizations {
|
||||||
}
|
}
|
||||||
|
|
||||||
OrganizationProvider provider = getProvider(session);
|
OrganizationProvider provider = getProvider(session);
|
||||||
|
|
||||||
|
if (provider.count() == 0) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
AuthenticationSessionModel authSession = session.getContext().getAuthenticationSession();
|
AuthenticationSessionModel authSession = session.getContext().getAuthenticationSession();
|
||||||
|
|
||||||
if (authSession != null) {
|
if (authSession != null) {
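Review bot: The added `if (provider.count() == 0) { return null; }` sits ahead of the authentication-session lookup, so every call now runs `count()` first, and it returns a bare `null` with no comment on what that means to callers. The method's signature and its other return paths are outside this hunk, so whether callers already handle `null` as "no organization" cannot be confirmed from here. A one-line comment above the guard, such as `// realm has no organizations: nothing to resolve, skip the lookups below`, would record the intent. It is also worth confirming that `count()` is cheap on this path, since the hunk does not show whether it is cached.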
|
||||||
|
|